CISCO got hacked and more third-party breaches

This Cyber Weekly includes:

1. CISCO getting hacked
2. Third party breach...again
3. Farming industry attacked in Quebec
4. Another third-party breach...
   

‍

Thanks for sharing this newsletter to more people. You can share the post in the top right corner of this article.

‍

CISCO got Hacked

‍

CISCO confirmed they were attacked last week. They provided a detailed report explaining how it happened. Here is a short summary:

‍

“The user had enabled password syncing via Google Chrome and had stored their Cisco credentials in their browser, enabling that information to synchronize to their Google account.

‍

Once the attacker had obtained initial access, they enrolled a series of new devices for MFA and authenticated successfully to the Cisco VPN.

‍

The attackers then:

• Escalated their privileges to “admin”, allowing them to log in to various systems (and this is when Cisco Security’s IT team noticed something was amiss)
• Dropped remote access and offensive security tools
• Added backdoor accounts and persistence mechanisms

‍

The attackers managed to compromise a series of Citrix servers and eventually obtained privileged access to domain controllers.

‍

They only managed to steal the contents of a Box folder that was associated with a compromised employee’s account and employee authentication data from Active Directory.”

‍

There is even more detail about the series of events here.

‍

My thoughts: Browsers often have built-in password managers. They are relatively safe because they generate difficult passwords, encrypt the passwords and sync them across devices, but they are not as safe as dedicated password managers. Because Chrome doesn’t use a master password to encrypt all your logins, this makes it weak to “local attacks”. I would recommend a dedicated password manager and of course don’t reuse passwords.

‍

‍

Another Third-Party Breach (Are these surprising anymore?)

‍

Domain Logistics, the third-party distribution center for the Ontario Cannabis Store, was the victim of a cyber attack last week. As a direct result, the Ontario Cannabis Store is unable to process or deliver orders to shops and customers. This affects 1333 licensed cannabis stores. (cp24)

‍

My thoughts: Once again, we hear about a third-party breach. At this point, I think it’s weekly. I predict that third-party risk management will soon be mandatory. Mark my words. Also, we created an article about third-party risk management to help you get started.

‍

‍

Quebec farmers union Attacked

‍

Employees cannot access its network at the Union Des Producteurs Agricoles (Union Of Agricultural Producers), Quebec’s farming association after being a victim of a cyber attack last week. All their computers are affected, but this incident should not impact the farmers in the short-term. The hackers are demanding a ransom in exchange for a decryption key. (MontrealGazette)

‍

My thoughts: This is hitting very close to home. We might be able to disassociate from the attacks because the “hackers” won’t try to target us. But this story makes it very real. Had farmers been impacted, we (consumers) would have been in big trouble.

‍

‍

Quebec, Motorsport Company Attacked

‍

BRP is the holding company for Bombardier Recreational Products Inc. They produce motorsports products including brands like Ski-Doo and Sea-Doo and they too were hacked last week. They took immediate action, but their operations went down. As a result, they are increasing production of products at their other facilities. They believe only their internal systems were impacted. The company noted that the attack was a malware infiltration through a third-party service provider. (financialpost)

‍

My thoughts: Third-party risk management is coming faster than we think. If you had to deal with a ransomware attack that was caused by one of your vendors, would you continue working with them? Would you start conducting due diligence on your other vendors?

‍